We are a technology company who have about 120 people but 200 wireless devices in our head office (as some people have three wirless devices - a laptop, phone and tablet). We originally had a Meraki wireless setup but had very poor performance when more than about 15-20 devices were connected to an access point which included things like frequent drops, inability to reconnect and general poor thorouput. I have since ripped that out and have purchased four IAP-225 access points hoping that it would better handle our density. I can expand that to maybe 6 if necessary but that will involve some work in getting an electrician out to run more ceiling runs of Ethernet etc.
The access points are set up so that at any spot in the long/narrow building you can see 2-3 of them even with the power set as 12 min 18 max - maybe ~30-40 feet apart on average and I have attached the config. We are about 1/4 Mac laptops, 1/4 Windows laptops and 1/2 phones/tables which are 75/25 iOS to Android. We do run MS Lync but have wired Lync phones which handle most of the voip role of that.
Since we put in this setup about a week ago we have seen many issues where the clients drop into a status with an exclamation point and say Limited Connectivity until they manually disconnect and reconnect or they need to turn their wifi off and back on on an iPad to get connectivity back. We have tried various things including disabling OKC, disabling 80 and then even 40 Mhz on the 5Ghz band, turning on/off ClientMatch etc. I just noticed that there was a firmware update though - I had been clicking the button under Maintenance and it said there wasn't but I signed in and got 188.8.131.52-184.108.40.206_44004 yesterday which I've just deployed. I am hoping that helps.
After the firmware update I turned ClientMatch back on because given the long/narrow building I've been seeing that when people leave their desks to go to meeting rooms they hang on to the access points and suffer poor performance etc.
I guess I am just trying to get a sense of how best to configure these points to get the best results for our ~200 wireless clients. Any advice would be appreciated as I went out on a limb ripping out the Meraki setup (which I had gone out on a limb choosing over controller-less Cisco a year and a half ago) by insisting that an Aruba setup would fix our issues with dropping and poor performance given our high density. For what it's worth most of our offices are only 20-30 people and the Meraki has been fine there - it is just in our device-heavy dense head office it was really crashing and burning.
I thought my config was attached but that doesn't seem to be working. Here it is:
version 220.127.116.11-4.1.0virtual-controller-country AUvirtual-controller-key a4f13610012ea71ab3645937acefd7ae5cc058f16d5c6ee171name Sydney-Wirelessvirtual-controller-ip 172.20.23.249virtual-controller-vlan 1 255.255.248.0 172.20.19.254terminal-accessntp-server 172.20.20.140clock timezone Sydney 10 00rf-band all
allow-new-apsallowed-ap 18:64:72:c8:d8:e2allowed-ap 18:64:72:c8:d8:06allowed-ap 18:64:72:c8:d8:aeallowed-ap 18:64:72:c8:d9:2c
armwide-bands nonemin-tx-power 12max-tx-power 18band-steering-mode disableair-time-fairness-mode preferred-accessclient-awarescanningclient-matchclient-match nb-matching 20client-match calc-threshold 1client-match calc-interval 10
syslog-level warn ap-debugsyslog-level warn networksyslog-level warn securitysyslog-level warn systemsyslog-level warn usersyslog-level warn user-debugsyslog-level warn wireless
user Guest 29194ba5b29293dafe3735b8221510ff0ae09aff3a8080db portal
mgmt-user info 9c445c4072d147cc18ad712fb58e7245e6b0fc054471a157
wlan access-rule default_wired_port_profileindex 0rule any any match any any any permit
wlan access-rule wired-instantindex 1rule masterip 0.0.0.0 match tcp 80 80 permitrule masterip 0.0.0.0 match tcp 4343 4343 permitrule any any match udp 67 68 permitrule any any match udp 53 53 permit
wlan access-rule Infomediaindex 2rule any any match any any any permit
wlan access-rule InfomediaRindex 3rule any any match any any any permit
wlan ssid-profile Infomediaenableindex 0type employeeessid Infomediaopmode wpa2-aesmax-authentication-failures 0auth-server vm-ifm-dc01rf-band allcaptive-portal disabledtim-period 1inactivity-timeout 1000broadcast-filter arpdynamic-multicast-optimizationdmo-channel-utilization-threshold 90local-probe-req-thresh 0max-clients-threshold 128okc-disable
wlan ssid-profile InfomediaRenableindex 1type employeeessid InfomediaRopmode wpa2-aesmax-authentication-failures 0auth-server vm-ifm-dc01rf-band allcaptive-portal disabledtim-period 1inactivity-timeout 1000broadcast-filter arpdynamic-multicast-optimizationdmo-channel-utilization-threshold 90local-probe-req-thresh 0max-clients-threshold 128okc-disabledot11rdot11k
auth-survivability cache-time-out 24
wlan auth-server vm-ifm-dc01ip 172.20.20.140port 1812acctport 1813timeout 30retry-count 5key 6a7366de1e6cd0a30deefca3423732c9cd00cbbfa4e6e553
wlan captive-portalbackground-color 13421772banner-color 16750848banner-text "Welcome to Guest Network"terms-of-use "This network is not secure, and use is at your own risk"use-policy "Please read terms and conditions before using Guest Network"authenticated
wlan external-captive-portalserver localhostport 80url "/"auth-text "Authenticated"auto-whitelist-disablehttps
blacklist-time 3600auth-failure-blacklist-time 3600
wired-port-profile wired-instantswitchport-mode accessallowed-vlan allnative-vlan guestno shutdownaccess-rule-name wired-instantspeed autoduplex autono poetype guestcaptive-portal disableno dot1x
wired-port-profile default_wired_port_profileswitchport-mode trunkallowed-vlan allnative-vlan 1shutdownaccess-rule-name default_wired_port_profilespeed autoduplex fullno poetype employeecaptive-portal disableno dot1x
uplinkpreemptionenforce nonefailover-internet-pkt-lost-cnt 10failover-internet-pkt-send-freq 30failover-vpn-timeout 180
airgroupservice airplaydisabledescription AirPlay
airgroupservice airprintdisabledescription AirPrint
Try turning on "Broadcast Filter ALL" on both of your SSIDs. If your wired and wireless clients are sharing the same layer-2 VLAN, that would deal with alot of broadcasts that are leaking from the wired network onto the wireless and causing contention.
Start with that.
Thanks to you both - I made the two changes you advised. Between those and the new firmware fingers crossed for Monday :)
The local probe threshold setting should only be changed if you have problems with roaming. You should leave that set to zero. Only change one thing at a time...
Our first day with the new firmware and that broadcast setting looked pretty good. I heard very little complaining and it seemed to hold up well to ~125 wireless clients which ClientMatch balanced pretty evenly across the 4 APs.
This was a bit of a slower day so I'll let you know when we have a day with more devices but so far I am impressed.
Did you get a chance to take a look at the Utilization during peak times? Please take a look at the link here for some statistics that you can take a look at in an IAP: http://www.arubanetworks.com/techdocs/Instant_40_WebHelp/InstantWebHelp.htm#UG_files/Instant_user_interface/Monitoring.htm
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.